About us

We started this because we were tired of the alternative.

Large firms that assigned juniors to work that was sold by partners. Automated scan reports repackaged as security assessments. Compliance documentation that satisfied the checkbox but left real exposure untouched.

Background

Based in Cologne. Working across the EU since 2023.

EncryptEdge One was founded in Cologne in 2023 by consultants who had spent years inside larger security practices and repeatedly ran into the same problem: the gap between what was sold and what was delivered.

The EU market, in particular, had a specific need that generic cybersecurity consulting did not address well — companies expanding across member states, managing GDPR obligations, and increasingly subject to NIS2, but without the security infrastructure of an enterprise.

We built a practice around that client. Small enough to give every engagement direct attention. Experienced enough to produce work that holds up when a regulator or enterprise buyer looks at it closely.

We are based in Nordrhein-Westfalen, which puts us close to one of Germany's densest concentrations of mid-market and scale-up businesses — and a short flight from the clients we serve elsewhere in the EU.

How we work

The audit-first methodology, explained.

01

No default packages

We do not have a standard price list because the right engagement depends on what you actually have, not what the average company has. Two companies with identical headcount can need entirely different scopes. We find out before we propose.

02

Scoping call before any proposal

Every engagement starts with a 30–60 minute conversation. We ask about your environment, your data types, your existing controls, and what outcome you actually need. The written proposal comes after that — not before.

03

The consultant on the call is the consultant on the job

There is no handoff from sales to delivery. The person who understands your situation is the person who does the work. This is not a boutique positioning statement — it is how a team of this size operates by default.

04

We tell you when we are not the right fit

If an engagement requires capabilities or capacity we do not have, we say so on the scoping call. We would rather lose the work than deliver something below the standard we hold ourselves to.

05

Documentation that survives scrutiny

Every deliverable is written for the person who will read it in six months when something goes wrong, or when an auditor asks a question, or when a client requires evidence. Not for the immediate recipient only.

The team

Who does the work.

Niklas Brandt

Lead Security Consultant

Niklas spent nine years in enterprise security consulting before founding EncryptEdge One, with previous work at financial services firms across Germany and the Netherlands. He leads penetration testing and incident response engagements, and holds certifications in offensive security and digital forensics. His background is in network security and post-breach forensics.

Covers: Penetration testing · Incident response · Forensics

Renata Voss

Compliance and Risk Lead

Renata worked in regulatory compliance and data protection for six years before joining the practice, with a background in German and EU information law. She leads NIS2, GDPR Article 32, and ISO 27001 engagements, and has advised companies on preparing for supervisory authority audits under the DSGVO. She holds a postgraduate qualification in information law from Universität zu Köln.

Covers: NIS2 · GDPR / DSGVO · ISO 27001 · Risk management

Start with a conversation.

A 30-minute call to understand your situation. No commitment, no follow-up unless you want it.

Book a scoping call